Hello,
I'm struggling a bit with an issue when using Apache as a reverse proxy when needing to use differing Authentication. I've searched for a couple of days now, but nothing matching what I'm seeing has come up.
The scenario is that I am using Apache as a reverse proxy, but sending a sub-path to different backend like so (extremely simplified):
<Location "/foo/bar">
</Location>
<Location "/foo">
</Location>
This works without issue. However, as soon as I try to put authentication on the second location (or more accurately different authentication directives), any request to "/foo/bar" triggers auth:
Example:
<Location "/foo/bar">
</Location>
<Location "/foo">
AuthType basic
AuthName "Restricted"
AuthUserFile /usr/local/apache2/.htpasswd
Require valid-user
</Location>
In the logs, set to trace8, I see that now apache is matching the REQUEST_URI to the wrong proxy handler:
"attempting to match URI path '/foo/bar' against prefix '/foo' for proxying
"authorization result of Require valid-user : denied (no authenticated user)"
Without any auth, the logs correctly show the request to `/foo/bar` being routed to the correct proxy handler 'proxy:
http://host2:8080/foo/bar'.
If anyone has any ideas on why adding auth completely blows up the proxy routing, I'd appreciate it. Otherwise, I'll have to create two proxy servers, just to handle each case.
